[Bug 2497] New: Add debugging information to ga_match() to show each attempted match

bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 19 01:56:24 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2497

            Bug ID: 2497
           Summary: Add debugging information to ga_match() to show each
                    attempted match
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 2752
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2752&action=edit
verbose group match logging

When using identity management, it can be tricky to debug non-local
user logins, especially in combination with many groups in use, as
described in our bugzilla [1] (related pull request on github [2]).

The actual problem lies in sssd, but having this feature can help
to debug and understand what is going on under the hood of sshd during
login time and during group matching.

Steps to Reproduce:
1. Set 'AllowGroups test_group "domain user group"' in the
/etc/ssh/sshd_config file
2. Set 'LogLevel Debug3' in the /etc/ssh/sshd_config file.
3. Restart sshd.
4. Attempt to log in with a user in the 'users' group.

Actual results:
5. Remain puzzled

Expected results:
5. Find out that the "domain user group" is never being pulled from the
group list and so never matches.  Or something.


Original patch is by Paul Wayper

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1283011
[2] https://github.com/openssh/openssh-portable/pull/33

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
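
The kind of per-attempt logging requested above, as an added sketch that is not part of the original report, the attached patch, or OpenSSH's source. The function name group_match_verbose, the log line format and the sample group lists are assumptions made for illustration, and fnmatch(3) stands in for sshd's own pattern matcher.

```c
#include <fnmatch.h>
#include <stdio.h>

/*
 * Illustrative only (hypothetical helper, not OpenSSH code).
 * Returns 1 if any resolved group name matches any AllowGroups pattern.
 * Every comparison is logged, so a group that the name service never
 * returned is visibly absent from the log. *attempts gets the count.
 */
static int
group_match_verbose(const char *const *user_groups, int ngroups,
    const char *const *patterns, int npatterns, FILE *log, int *attempts)
{
	int i, j;

	*attempts = 0;
	if (ngroups == 0)
		fprintf(log, "debug3: user has no resolved groups\n");
	for (i = 0; i < ngroups; i++) {
		for (j = 0; j < npatterns; j++) {
			/* fnmatch() is a stand-in for sshd's matcher (assumption) */
			int hit = fnmatch(patterns[j], user_groups[i], 0) == 0;

			(*attempts)++;
			fprintf(log, "debug3: group \"%s\" vs pattern \"%s\": %s\n",
			    user_groups[i], patterns[j], hit ? "match" : "no match");
			if (hit)
				return 1;
		}
	}
	return 0;
}

/* Constructed sample data mirroring the report's AllowGroups line. */
static const char *const sample_patterns[] = { "test_group", "domain user group" };
/* Case from the report: the lookup returned only "users". */
static const char *const groups_incomplete[] = { "users" };
/* Case where the lookup also returned the domain group. */
static const char *const groups_complete[] = { "users", "domain user group" };

int
main(void)
{
	int n, r;

	r = group_match_verbose(groups_incomplete, 1, sample_patterns, 2, stderr, &n);
	fprintf(stderr, "allowed=%d after %d attempts\n", r, n);
	r = group_match_verbose(groups_complete, 2, sample_patterns, 2, stderr, &n);
	fprintf(stderr, "allowed=%d after %d attempts\n", r, n);
	return 0;
}
```

With the incomplete list, the log shows only "users" being compared, which is the signal that the group lookup, not the AllowGroups line, is where to look next.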